From 3abd5377b5fbb66ac6f4ccc988b2b7b675283eb6 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.me>
Date: Sun, 8 Nov 2020 21:23:29 +0100
Subject: [PATCH] auto-kick spammers not setting a postid

---
 chat.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/chat.php b/chat.php
index 690eea5..997a2d3 100644
--- a/chat.php
+++ b/chat.php
@@ -2926,9 +2926,12 @@ function validate_input() : string {
 	$maxmessage=get_setting('maxmessage');
 	$message=mb_substr($_POST['message'], 0, $maxmessage);
 	$rejected=mb_substr($_POST['message'], $maxmessage);
-	if($U['postid']===$_POST['postid']){// ignore double post=reload from browser or proxy
+	if(!isset($_POST['postid'])){ // auto-kick spammers not setting a postid
+		kick_chatter([$U['nickname']], '', false);
+	}
+	if($U['postid']===$_POST['postid']){ // ignore double post=reload from browser or proxy
 		$message='';
-	}elseif((time()-$U['lastpost'])<=1){// time between posts too short, reject!
+	}elseif((time()-$U['lastpost'])<=1){ // time between posts too short, reject!
 		$rejected=$_POST['message'];
 		$message='';
 	}